Not forgotten yet - Windows 10 Mobile updated to Build 15254.566 (changelog)

Share
Not forgotten yet - Windows 10 Mobile updated to Build 15254.566 (changelog)

The vulnerability causing all the fuss is a flaw in Remote Desktop Services, which as the name implies lets you remotely control a far-off PC from a second PC.

The vulnerability in Remote Desktop Services is pre-authentication and requires no user interaction, which means that any malware using this flaw could propagate from computer to computer like the WannaCry ransomware attack in 2017.

"We are taking the unusual step of providing a security update for all customers to protect Windows platforms, including some out-of-support versions of Windows", the Microsoft Security Response Team wrote in a blog posting today. "Now that I have your attention, it is important that affected systems are patched as quickly as possible to prevent such a scenario from happening".

For highly likely, read absolutely certain: a malware propagation method like this is going to be appearing very soon since it's a low-priced, highly effective way of spamming out ransomware and trojans.

Customers who use an in-support version of Windows such as Windows 7 and Windows Server 2008 will receive the update if they have automatic updates enabled, while Windows XP users can download fixes from Microsoft's Update Catalogue or upgrade their version of Windows.

Microsoft says all supported versions of Windows are affected, including Windows 10, and comes down to the way Windows Error Reporting handles files.

Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling, for 64-Bit (x64) versions of Windows (CVE-2019-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130).

An attacker "could exploit this flaw to gain remote code execution" and is likely to be "exploited in the wild in the near future as attackers develop exploit code", Narang said.

CVE-2019-0708 does not affect Microsoft's latest operating systems - Windows 10, Windows 8.1, Windows 8, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, or Windows Server 2012. As is traditional, Adobe dropped 86 flaw fixes, mainly in Reader and Acrobat, and Citrix, too, has one of its own.

The patch came as part of Microsoft's monthly Patch Tuesday, which in May addressed 22 critical vulnerabilities.

This update is available normally via Windows Update, and you don't have to be in the Windows Insider program to receive it.

Microsoft's patch joins other fixes from companies including Apple and Google.

Share

Advertisement

Related Posts

Google Shopping will work across all Google products, replace Google Express
Which makes moves like finding new places to sell and display ads certainly understandable - or, at least, not unexpected. At Google I/O 2019, Google showed how the Assistant would ...

Kang captures first PGA title at Byron Nelson
Spain's Carlos Ortiz made a big move in the final round, with an eagle on the first hole and going 5 under through seven holes. Kang, who said he unexpectedly felt calm throughout the round, had just three-putted for his first bogey in 38 holes.

Huawei willing to sign ‘no-spy’ agreements with governments, says chairman
The Huawei logo stands on a Huawei office building in Dongguan in China's southern Guangdong province on 18 December 2018. In December, Huawei CFO Wanzhou Meng was arrested in Canada on suspicion of violating US sanctions concerning Iran.

F1 great Schumacher will be subject of new documentary
Rocket Science is the film's executive producer and will handle global sales set to begin at this year's Cannes film festival . Kammertöns is the senior editor of Hamburg weekly newspaper Die Zeit and has worked on TV documentaries for ARD and Arte.

Trump says tariffs battle will help USA farmers
But both sides have expressed willingness to come together and make a trade deal to cool the escalating trade war between the two superpowers.

‘Stranger Things’ LEGO Is Coming to Take You to The Upside Down
Hop to it, nerds! You get the house's front façade, but in the back are multiple rooms, including Will's bedroom. The set will be available for LEGO VIP members starting tomorrow and for everyone else on June 1st.

Tiger Woods and girlfriend sued over wrongful death of barman at restaurant
Eastern tee time Thursday, will be the first player to use a cart at a major since Casey Martin at the 2012 U.S. Thomas will be replaced in the field by fellow American and world No 192 Kelly Kraft.

Madison Bumgarner puts Yankees on no-trade list in clever move
The no-trade list is an additional obstacle Boston will have to deal with if things get to that point. However, he has eight teams on his no-trade clause.

Mike Pompeo Tells Russia: Don't Meddle In Next US Presidential Election
Russian President Vladimir Putin, accompanied by Foreign Minister Sergey Lavrov, meets with U.S. Secretary of State at the Bocharov Ruchei residence in Sochi , May 14, 2019 .

Muslim killed in Sri Lanka riots despite curfew
Muslim political parties said at least one person died in the riots but the security officials have refused to confirm the death. They threw rocks and Molotov cocktails at Muslim-owned businesses, attacked Muslim homes and ransacked the town's main mosque.

© 2015 ExpressNewsline. All Rights reserved.